By Topic

Position Statement: On the Evolution of Adversary Models in Computer Systems and Networks

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

Formats Non-Member Member
$31 $13
Learn how you can qualify for the best price for this item!
Become an IEEE Member or Subscribe to
IEEE Xplore for exclusive pricing!
close button

puzzle piece

IEEE membership options for an individual and IEEE Xplore subscriptions for an organization offer the most affordable access to essential journal articles, conference papers, standards, eBooks, and eLearning courses.

Learn more about:

IEEE membership

IEEE Xplore subscriptions

1 Author(s)
Gligor, V.D. ; Electr. & Comput. Eng. Dept., Carnegie Mellon Univ., Pittsburgh, PA

Summary form only given. Invariably, new technologies introduce new vulnerabilities which often enable new attacks by increasingly potent adversaries. Yet new systems are more adept at handling well-known attacks by old adversaries than anticipating new ones. Our adversary models seem to be perpetually out of date: often they do not capture adversary attacks and sometimes they address attacks rendered impractical by new technologies. In this panel presentation, I provide a brief overview of adversary models beginning with those required by program and data sharing technologies ('60-70s), continuing with those required by computer communication and networking technologies (70s-'90s), and ending with those required by and sensor network technologies ('00s ->). I argue that sensor, ad-hoc, and mesh networks require new models, that are able to account for physical node capture by adversaries. Protecting device secrets (e.g., cryptographic keys) via physical security mechanisms will continue to require network security measures, despite advances in physical security measures and devices. I argue that "good-enough" measures in the face of node capture by adversaries can be obtained by using emergent properties. Intuitively, these are properties that cannot be provided by individual network nodes - no matter how well-endowed nodes might be - but instead result from interaction and collaboration among multiple nodes. Such properties can be used to detect, often probabilistically, the presence of an adversary within a network and to pinpoint with reasonable accuracy the affected network area (e.g., identify a specific captured node, a particular properly of captured nodes). However, all such measures require periodic network monitoring in normal mode to detect a somewhat rare event (i.e., node capture, replica insertion) and hence their cost can be high. I illustrate a new simple probabilistic protocol that avoids the effects of node capture by detecting adversaries - - attempts to access a node's internal state, and discuss various design trade-offs that will characterize much of the future research in this area.

Published in:

Computer Software and Applications, 2008. COMPSAC '08. 32nd Annual IEEE International

Date of Conference:

July 28 2008-Aug. 1 2008